CoAP and MQTT: Characteristics and Security

Emerging Trends in Intelligent Systems & Network Security (NISS 2022)

Part of the book series: Lecture Notes on Data Engineering and Communications Technologies (LNDECT, volume 147)

Abstract

There is no doubt that the Internet of Things (IoT) has a significant impact on many aspects of our lives, including how we live, drive, and irrigate, the way we consume energy, and the way we manage our confidential and personal data. Data is generated and gathered from different lightweight IoT gadgets and smart devices using two widely used protocols: Constrained Application Protocol (CoAP) and Message Queuing Telemetry Transport (MQTT). These protocols are based on the Publish/Subscribe model. Nevertheless, as the use of these emerging protocols increases, the risk of attacks increases as well. Indeed, these communications come with many security vulnerabilities. In this paper, we describe these two emerging messaging protocols that address the needs of lightweight IoT nodes; we discuss the protocols and techniques used to manage security in CoAP and MQTT; we reveal some security limitations and issues; and we conclude with some future directions.

Corresponding author

Correspondence to Fathia Ouakasse.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Ouakasse, F., Rakrak, S. (2023). CoAP and MQTT: Characteristics and Security. In: Ben Ahmed, M., Abdelhakim, B.A., Ane, B.K., Rosiyadi, D. (eds) Emerging Trends in Intelligent Systems & Network Security. NISS 2022. Lecture Notes on Data Engineering and Communications Technologies, vol 147. Springer, Cham. https://doi.org/10.1007/978-3-031-15191-0_15
